What F-Secure learned from phishing 80,000 people
According to a new study from cybersecurity company F-Secure, phishing emails mimicking HR announcements or asking for assistance with invoicing get the most clicks from recipients.
The study, To Click or Not to Click: What we Learned from Phishing 80,000 People, involved 82,402 participants and tested how employees from four different organisations responded to emails that simulated one of four commonly used phishing tactics.
Of the recipients, 22% that received an email simulating a human resources announcement about vacation time clicked, making emails that mimic those sent by HR the most frequent source of clicks in the study. An email asking the recipient to help with an invoice (referred to as CEO Fraud in the report) was the second most frequently engaged email type, receiving clicks from 16% of recipients.